-
公开(公告)号:US20140366111A1
公开(公告)日:2014-12-11
申请号:US13994016
申请日:2013-03-15
申请人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
发明人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F21/316 , G06F2221/2101 , G06F2221/2103 , G06F2221/2139 , H04L63/0861 , H04L67/14 , H04L67/24
摘要: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
摘要翻译: 通常,本公开描述了连续认证置信模块。 系统可以包括用户设备,包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块,被配置为响应于特定用户的初始认证来确定置信度得分,至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度分数,并且通知操作 系统,如果更新的置信度分数在会话关闭阈值的容限内,认证不再有效; 所述初始认证被配置为打开会话,所述置信度分数被配置为指示所述会话期间的当前认证强度。
-
2.发明申请Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine 有权使用融合安全引擎的Web服务提供商的隐私增强密钥管理公开(公告)号:US20140181925A1
公开(公告)日:2014-06-26
申请号:US13721760
申请日:2012-12-20
CPC分类号: H04L9/0861 , G06F21/31 , G06F21/33 , G06F21/45 , H04L9/3234 , H04L63/0281 , H04L63/061 , H04L63/08 , H04L63/0815 , H04L63/0823 , H04L63/0838 , H04L63/1466 , H04L2209/127 , H04L2463/082
摘要: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器的安全引擎包括身份提供者逻辑,以生成密钥配对关联系统用户的第一密钥对和提供Web服务并具有通过网络耦合到系统的第二系统的服务提供者, 以执行与所述第二系统的安全通信,以使所述第二系统能够验证所述身份提供者逻辑在可信执行环境中正在执行,并且响应于所述验证,将所述第一密钥对的第一密钥发送到所述第二系统。 该密钥可以使得第二系统可以根据多因素认证来验证由身份提供者逻辑传达的断言,用户已被认证给系统。 描述和要求保护其他实施例。
-
公开(公告)号:US20160188873A1
公开(公告)日:2016-06-30
申请号:US14583620
申请日:2014-12-27
申请人: Ned M. Smith , Dmitri Rubakha , Samir Shah , Jason Martin , Micah J. Sheller , Somnath Chakrabarti , Bin Xing
发明人: Ned M. Smith , Dmitri Rubakha , Samir Shah , Jason Martin , Micah J. Sheller , Somnath Chakrabarti , Bin Xing
CPC分类号: G06F21/53 , G06F21/34 , G06F2221/033 , H04L9/321 , H04L9/3247 , H04L9/3263
摘要: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.
摘要翻译: 在一个示例中,计算设备包括可信执行环境(TEE),包括飞地。 飞地可以包括二进制翻译引擎(BTE)和输入验证引擎(IVE)。 在一个实施例中,IVE接收可信二进制作为输入,并且分析可信二进制以识别执行输入/输出操作的功能,类和变量。 为了确保这些接口的安全性,可以在飞地内执行这些操作。 IVE标记可信任的二进制文件,并向BTE提供二进制文件。 BTE然后将可信二进制文件转换为第二格式,包括指定用于在飞地内执行的标记部分。 BTE也可能以第二种格式签署新的二进制文件,并将其从飞地出口。
-
4.发明申请MECHANISM FOR FACILITATING DYNAMIC CONTEXT-BASED ACCESS CONTROL OF RESOURCES 审中-公开促进动态基于上下文的资源访问控制机制公开(公告)号:US20150135258A1
公开(公告)日:2015-05-14
申请号:US14129961
申请日:2013-09-27
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F21/45 , G06F21/6218 , G06F2221/2111 , H04L63/0876 , H04L63/20
摘要: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.
摘要翻译: 描述了一种用于促进根据一个实施例的资源的基于上下文的访问控制的机制。 如本文所述的实施例的方法包括接收访问多个资源的资源的第一请求。 第一请求可以与对应于在计算设备处放置第一请求的用户相关联的一个或多个上下文相关联。 该方法还可以包括评估一个或多个上下文。 一个或多个上下文的评估可以包括将一个或多个上下文与与所请求的资源相关联的一个或多个访问策略进行匹配。 该方法还可以包括:如果一个或多个上下文满足访问策略中的至少一个,则接受第一请求。
-
5.发明申请TECHNOLOGIES FOR HARDENING THE SECURITY OF DIGITAL INFORMATION ON CLIENT PLATFORMS 审中-公开加强客户平台数字信息安全的技术公开(公告)号:US20150304736A1
公开(公告)日:2015-10-22
申请号:US14127542
申请日:2013-06-04
申请人: Reshma Lal , Jason Martin , Micah J. Sheller , Michael M. Amirfathi , Nathan Heldt-Sheller , Pradeep M. Pappachan
发明人: Reshma Lal , Jason Martin , Micah J. Sheller , Michael M. Amirfathi , Nathan Heldt-Sheller , Pradeep M. Pappachan
IPC分类号: H04N21/647 , H04L9/08
CPC分类号: H04N21/64715 , G06F21/10 , G06F21/72 , H04L9/0816 , H04L2209/24
摘要: Technologies for hardening the security of digital information on a client device are described. In some embodiments, the client device includes a secure processing environment such as a secure enclave, which may be used to protect digital information on a client platform. The secure environment(s) may also protect assets which may be used to access the digital information. Using the secure processing environment(s), the described technologies may protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity.
摘要翻译: 描述了在客户端设备上加强数字信息安全性的技术。 在一些实施例中,客户端设备包括诸如安全飞地之类的安全处理环境,其可以用于保护客户端平台上的数字信息。 安全环境还可以保护可能用于访问数字信息的资产。 使用安全处理环境,所描述的技术可以保护数字信息,因为它被提供给存储,访问和/或处理以供客户端设备显示,即使客户端设备可能被恶意软件或 受另一实体的攻击。
-
公开(公告)号:US20170085565A1
公开(公告)日:2017-03-23
申请号:US14757769
申请日:2015-12-23
IPC分类号: H04L29/06
CPC分类号: H04L63/0876 , G06F1/163 , G06F3/01 , G06F3/014 , G06F3/017 , G06F21/30 , G06F21/305 , H04L63/0492 , H04L63/0853 , H04W12/06 , H04W12/08
摘要: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.
-
7.发明申请公开(公告)号:US20140189807A1
公开(公告)日:2014-07-03
申请号:US13822216
申请日:2011-11-18
申请人: Conor P. Cahill , Vinay Phegade , Jason Martin , Anand Rajan , Nikhil M. Deshpande , Radia Perlman
发明人: Conor P. Cahill , Vinay Phegade , Jason Martin , Anand Rajan , Nikhil M. Deshpande , Radia Perlman
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/41 , G06F2221/2139 , H04L9/3268 , H04L63/0853 , H04L63/0861 , H04L63/0876 , H04L63/108
摘要: Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider.
摘要翻译: 公开了方法,系统和装置以促进基于客户端的认证。 示例性方法包括将身份授权与客户机平台相关联在隔离的执行环境中,将用户身份与身份管理机构相关联,生成与第一服务提供商相关联的第一密钥对,基于第一授权序列生成认证 客户端平台,并签署一部分密钥对的认证,并向第一个服务提供商发送签名的认证,以授权客户端平台和第一个服务提供商之间的通信。
-
公开(公告)号:US20140282868A1
公开(公告)日:2014-09-18
申请号:US13832556
申请日:2013-03-15
IPC分类号: G06F21/31
CPC分类号: G06F21/31 , G06F21/316 , G06F2221/2139
摘要: A system is provided to determine whether to re-authenticate a user based on identification parameter measurements of low power sensors. According to an embodiment of the invention, a system may include a processor that includes analysis logic to determine whether to re-authenticate the user based on parameter values received from at least one of one or more agents. The system may also include authentication logic to re-authenticate the user that includes a confirmation of whether the user is authenticated based on input received from one or more authentication sensors. Other embodiments are described and claimed.
摘要翻译: 基于低功率传感器的识别参数测量,提供一种系统来确定是否重新认证用户。 根据本发明的实施例,系统可以包括处理器,其包括基于从一个或多个代理中的至少一个接收的参数值来确定是否重新认证用户的分析逻辑。 系统还可以包括认证逻辑,用于根据从一个或多个认证传感器接收到的输入来重新认证用户,其包括用户是否被认证的确认。 描述和要求保护其他实施例。
-
公开(公告)号:US20140282893A1
公开(公告)日:2014-09-18
申请号:US13840572
申请日:2013-03-15
申请人: Micah Sheller , Conor Cahill , Jason Martin , Brandon Baker
发明人: Micah Sheller , Conor Cahill , Jason Martin , Brandon Baker
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F21/57 , G06F2221/2101 , G06F2221/2113 , G06F2221/2137 , G06F2221/2151
摘要: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.
摘要翻译: 在实施例中提供技术来管理认证确认分数。 实施例被配置为在绝对会话时间中识别客户端上的活动用户会话的间隔的开始时间和结束时间。 实施例还被配置为确定表示一组先前用户会话的第一子集的第一值,其中第一子集的先前用户会话活动至少等于开始时间。 实施例还可以确定表示先前用户会话集合的第二子集的第二值,其中第二子集的先前用户会话活动至少等于结束时间。 实施例还基于第一和第二值确定活动用户会话的认证置信度得分的衰减率。 在一些实施例中,该集合基于上下文属性。
-
公开(公告)号:US09342704B2
公开(公告)日:2016-05-17
申请号:US13993421
申请日:2011-12-28
摘要: Enabling access control caches for co-processors to be charged using a VMX-nonroot instruction. As a result a transition to VMX-root is not needed, saving the cycles involved in such a transition.
摘要翻译: 使用VMX-nonroot指令为协处理器启用访问控制高速缓存。 因此,不需要转换到VMX-root,从而节省了这种转换所涉及的周期。
-
-
-
-
-
-
-
-
-
搜索结果
72 条记录 (耗时 0.038 秒)
